UNC General Records Retention and Disposition Schedule:
Information Technology Records
This Schedule applies to records in all media, unless otherwise specified.
- Items – a sample listing of items found within a series. Other related records not listed may also be part of a series.
- Disposition – all dispositions are minimum requirements and include, where applicable, transfer to the custody of the University Archives for appraisal and final disposition.
- Destruction – takes place in the office. Any record with confidential or sensitive information shall be properly destroyed by shredding or by means to ensure that the records cannot be physically recreated.
- Original and Reference Copy –original copy (also known as a record copy) is the official authorized copy kept by the office charged with creating or maintaining the record copy. Reference copies (also known as convenience copies) are preserved for the convenience of reference or ease of access.
No destruction of records may take place if litigation or audits are pending or reasonably anticipated or foreseeable.
Refer to prefatory material for additional instructions or contact your university's records officer for clarification.
Computer and Information Security
- GU118 Access and Security Policies and Security Documentation
- GU119 Computer Security Incident
- GU120 Computer System Review
- GU121 Computer Usage
- GU122 Disaster Preparedness & Recovery Planning
- GU123 Internet Service Logs (External)
- GU124 Network Usage (Internal)
- GU125 System Backup
- GU126 System Users Access Records
- GU127 Audit Trail
- GU128 Automated Off-Line Storage System
- GU129 Destruction of Files Reports
- GU130 Off-Line Control Records
- GU131 Operating System & Hardware Conversion PlanningGU132 Summary Usage Reports
- GU132 Summary Usage Reports
- GU136 Application Development Project
- GU137 Application System Operations
- GU138 Metadata Documentation
- GU139 Quality Assurance
- GU140 Source Code
- GU141 Technical Program Documentation
- GU142 Network Implementation Project
- GU143 Network / Circuit Installation and Service
- GU144 Network Circuit Inventories
- GU145 Network / Site Equipment Support
Information Technology Records
Computer and Information Security
| Series # | Series Title | Series Description | Items | Disposition |
|---|---|---|---|---|
| GU118 | Access, Security Policies and Security Documentation | Comply with applicable provisions of G.S. 132-6.1(c), Health Insurance Portability and Accountability Act (HIPAA), 42 U.S.C. 1320 et seq., regarding confidentiality of computer-related and privacy-related records. | security policies, standards, guidelines, procedures, security plans | Destroy in office 3 years after superseded or obsolete. |
| GU119 | Computer Security Incident | Incidents involving unauthorized attempted entry, probes, and/or attacks on data processing systems, information technology systems, telecommunications networks, and electronic security systems, including associated software and hardware. Comply with applicable provisions of G.S. 132-6.1(c) and HIPAA regarding confidentiality of computer-related and privacy-related records. | reports, logs, extracts and compilations of data | Destroy in office 5 years after incident is resolved. |
| GU120 | Computer System Review | Logs, computer reports and review reports regarding the maintenance and security of the computer system. Comply with applicable provisions of G.S. 132-6.1(c) and HIPAA regarding confidentiality of computer-related and privacy-related records. | firewall logs, system auditing logs, reports, reviews | Destroy in office computer reports and logs when review report is completed. Destroy in office review report and supporting data after 3 years. |
| GU121 | Computer Usage | Monitor computer system usage. Comply with applicable provisions of G.S. 132-6.1(c) regarding confidentiality of computer-related records. | log-in files, system usage, charge backs, data entry logs, security logs | Destroy in office after completion of applicable review and verification procedures, if no litigation, claim, audit or other official action involving the records has been initiated. If official action has been initiated, destroy after completion of action and resolution of issues involved. |
| GU122 | Disaster Preparedness and Recovery Planning | Comply with applicable provisions of G.S. 132-6.1(c) regarding confidentiality of computer-related records. | Destroy in office when superseded or obsolete. | |
| GU123 | Internet Service Logs (External) | Monitor access and use of services provided via the Internet. Comply with applicable provisions of G.S. 132-6.1(c) regarding confidentiality of computer-related records. | website logs, mail server logs, FTP logs, Telnet logs, antivirus/anti-spam mail service logs | Destroy in office after completion of applicable review and verification procedures, if no litigation, claim, audit or other official action involving the records has been initiated. If official action has been initiated, destroy after completion of action and resolution of issues involved. |
| GU124 | Network Usage (Internal) | Monitor network usage. | log-in files, system usage files, reports, firewall logs | Destroy in office after completion of applicable review and verification procedures, if no litigation, claim, audit or other official action involving the records has been initiated. If official action has been initiated, destroy after completion of action and resolution of issues involved. |
| GU125 | System Backup | Copies of master files or databases, application software, logs, directories needed to restore a system in case of a disaster or inadvertent destruction. | Destroy in office in accordance with your office’s established backup plan and procedures – See Security Backup Files as Public Records in North Carolina: Guidelines for the Recycling, Destruction, Erasure and Re-Use of Security Backup Files, at http://www.ah.dcr.state.nc.us/records/. Backups used to document transactions or retained for purposes other than system security should be scheduled separately by the responsible program unit. For fiscal systems, monthly system backups are often retained for the entire fiscal year to provide an audit trail and annual requirements in lieu of copies of the individual master files or databases. If these records are covered by specific Federal audit requirements requiring longer records retention, they should be scheduled separately by the appropriate program unit. It is advisable that for many application systems multiple copies of backups be produced during each cycle. |
|
| GU126 | System Users Access Records | Monitor individual access to a system and its data. | user account records | Destroy in office 1 year after user is withdrawn from system. |